Hit ENTER after each Tag to add it to your post; Numbers in parentheses represent the Tag's usage.

Hi, friends. May I ask your advice regarding DMARC? I have been getting a lot of DMARC reports, and so have my clients. Frankly, I am not sure what to do with these reports. I have DMARC properly configured for many domains on my SmarterMail server, but what should I do when I get a report like the one, below? Is the report telling me I need to change something? Thank you for your advice. Eric

Report Abuse

Offensive Language

Wrong Category

Spam

I think this is just an aggregated DMARC report; but I receive several of these every day, sometimes for the same domain. It seems to me that I receive many more of these reports than I used to. I suppose my real question is, should I be concerned about any of this? Thank you again for your wise advice regarding the management of a DMARC rule.Eric BourlandDecember 5, 2017 at 6:21 PM

1 Reply

As DMARC has become more widely adopted you will inevitably see an increase in DMARC reports. I cannot stress highly enough that you want DMARC reports to go to a unique address that is used only for collecting DMARC reports (i.e. dmarc@domain.tld). That said, unless you are using a 3rd Party utility to parse DMARC reports (we used to use DMARC Analyzer but there are many other solutions) then after a period of time when you are certain that all emails from a domain are passing DMARC (30 days is usually ample enough time) you would want to set the policy (p= modifier) from "none" to either "quarantine" or "reject". This will dramatically reduce the number of DMARC reports you receive considerably as only those emails that fail will result in a DMARC report being sent (a p="none" will result in a DMARC report for passes and fails).

It is important to periodically review or audit these DMARC reports (which is why using a 3rd Party monitoring tool is useful). Most failures will be caused by Spoofed emails but invariably you'll have customers who will get a new network printer that they don't setup SMTP Authentication for, or will sign-up for QuickBooks or a Marketing Service such as Constant Contact or MailChimp which will cause emails from their domain to no longer be aligned with their SPF Records or using DKIM. To resolve these issues you would have to update their SPF or DMARC policies accordingly.

However, as long as you have p=none in your DMARC policy and the policy_evaluated and auth_results show "Pass" for both SPF and DKIM then you can safely ignore that report (and if a domain routinely gets passing marks then you can safely set your DMARC p= to a more restrictive modifier).

Report Abuse

Offensive Language

Wrong Category

Spam

Scarab, this is a really useful and thorough reply. Thank you as always for your guidance. EricEric BourlandDecember 6, 2017 at 9:17 PM